Paketname
xchat
Datum
2000-08-24
Advisory ID
MDKSA-2000:039
Betroffene Versionen
7.1 i586

Problembeschreibung

XChat 1.3.9 and later allow users to right-click on a URL appearing in an IRC discussion and select the "Open in Browser" option. To open the URL in a browser, XChat passes the command to /bin/sh. This allows a malicious URL the ability to execute arbitrary shell commands as the user that is running XChat. This update changes the functionality of XChat to bypass the shell and execute the browser directly. Thanks go to Red Hat for providing the patch.

Aktualisierte Pakete

7.1 i586

 ebf0d4a0d236453f63a797ea20f0758b  7.1/RPMS/xchat-1.4.1-4mdk.i586.rpm
d695396fb97a55c6c7e2cdbb22079c00  7.1/SRPMS/xchat-1.4.1-4mdk.src.rpm